Claims: 

1. (Currently Amended) A method comprising: 

communicating -bv a parent using a client device-- a parental identity to an 
authentication server for verification; 

receiving a relationship ticl<et from the authentication server wheR after 
the parental identity has been successfully verified, wherein the relationship 
ticl<et received from the authentication server is encrypted so that the 
relationship ticket cannot be decrypted by [[a]] the client device which receives 
the relationship ticket, and wherein the relationship ticket includes the parental 
Identity and identifies a child who's access to a Web server is to be limited; 

qeneratlnq -bv the parent using the client device-- a request to establish a 
selected permission level for the child which will limit the child's access to the 
Web server; 

sendinq --bv the parent using the client device-- the request and the 
relationship ticket to the Web server fef fon 

decryption of the relationship ticket, ticket: 

performing an integrity check of the relationship ticket using a 
message authentication code contained within the relationship ticket: 

authentication of the parental identity, wherein the Web server 
authenticates the parental identity with the authentication server using the 
contents of the relationship ticket: and 

establishment of the selected permission level for the child; and 
receivinq --bv the parent using the client device-- a success code from the 
Web server if the selected permission level is established for the child. 
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2. (Original) A method as recited in claim 1 further including 
receiving a failure notification from the Web server if the selected permission 
level Is not established. 

3. (Original) A method as recited in claim 1 wherein sending the 
request to the Web server includes using an untrusted connection with the Web 
server. 

4. (Original) A method as recited in claim 1 wherein the request to 
the Web server is sent using an unsecure connection with the Web server. 

5. (Original) A method as recited in claim 1 wherein the relationship 
ticket is encrypted by the authentication server. 

6. (Original) A method as recited in claim 1 wherein the selected 
permission level is established if the relationship ticket is authenticated. 

7-9. (Canceled) 

10. (Original) A method as recited in claim 1 wherein the 
authentication server is a .NET Passport server. 
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11. (Original) A method as recited in claim 1 wherein selecting a 
permission level associated with a child's usage of a web site is performed by a 
parent of the child. 

12. (Currently Amended) One or more computer storage media 
co mp uter - rcodob i c memor i es including at least one tangible component, and 
containing a computer program that is executable by a processor to perform the 
method recited in claim 1. 
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13. (Currently Amended) A method comprising: 
communicating [TaH -by an employer using a client device-an employer 

identity to an authentication server for verification; 

receiving a relationship ticket from the authentication server when after 
the employer identity has been successfully verified, wherein the relationship 
ticket received from the authentication server is encrypted so that the 
relationship ticket cannot be decrypted by a client device which receives the 
relationship ticket, and wherein the relationship ticket includes the employer 
identity and identifies an employee who's access to a Web server is to be limited; 

generating a request to establish a selected permission level for the 
employee which will limit the employee's access to the Web server; 

sendinq --bv the client device- the request and the relationship ticket to 
the Web server for decryption of the relationship ticket, authentication of the 
employer identity, and establishment of the selected permission level for the 
employee; and 

receivinq --bv the client device- a success code from the Web server if the 
selected permission level is established for the employee. 

14. (Original) A method as recited in claim 13 wherein the relationship 
ticket is encrypted by the authentication server. 

15. (Original) A method as recited in claim 13 wherein the relationship 
ticket is encrypted by the authentication server, and wherein the relationship 
ticket is decrypted by the Web server. 

16-17. (Canceled) 
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18. (Currently Amended) One or more computer storage media 
computer r e adable memories including at l east one tangible component, and 
containing a computer program that is executable by a processor to perform the 
method recited in claim 13. 

19-27. (Canceled) 
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28. (Currently Amended) One or more computer storage media 

compu te r readable mcmoricG i nc l uding at least one tangible component, and 
having stored thereon a computer program that, when executed by one or more 
processors, causes the one or more processors to: 

select -by a manager's client device- a permission level associated with an 
associate's access to a Web server; 

obtain -bv the manager's client device- a relationship ticket from an 
authentication server, wherein the relationship ticket obtained from the 
authentication server is encrypted and Includes information regarding a 
manager's identity and information regarding an identity of an associate who's 
access to the Web server is to be limited; 

generate a request to establish a selected permission level for the 
associate which will limit the associate's access to the Web server; 

send -bv the manager's client devlce- the request and the relationship 
ticket to the Web server via an unsecure communication link for decryption of 
the relationship ticket, authentication of the manager's identity, and 
establishment of the selected permission level for the associate; and 

receive -bv the manager's client device-- a success code from the Web 
server If the requested permission level is established for the associate. 
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29. (Currently Amended) One or more comp ut er readable computer 
storage media as recited in claim 28 wherein the relationship ticl<et is encrypted 
by the authentication server and decrypted by the Web server. 

30-31. (Canceled) 
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